Class PDSeedValueCertificate
- java.lang.Object
  - org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSeedValueCertificate
- All Implemented Interfaces: COSObjectable
public class PDSeedValueCertificate extends java.lang.Object implements COSObjectable
This class represents a certificate seed value dictionary. It is part of the seed value dictionary and puts constraints on the certificates that may be used when signing documents.
-
-
Field Summary
Fields (Modifier and Type, Field: Description)
- private COSDictionary dictionary
- static int FLAG_ISSUER: A Ff flag.
- static int FLAG_KEY_USAGE: A Ff flag.
- static int FLAG_OID: A Ff flag.
- static int FLAG_SUBJECT: A Ff flag.
- static int FLAG_SUBJECT_DN: A Ff flag.
- static int FLAG_URL: A Ff flag.
-
Constructor Summary
Constructors (Constructor: Description)
- PDSeedValueCertificate(): Default constructor.
- PDSeedValueCertificate(COSDictionary dict): Constructor.
-
Method Summary
Methods (Modifier and Type, Method: Description)
- void addIssuer(byte[] issuer): Array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers.
- void addKeyUsage(char digitalSignature, char nonRepudiation, char keyEncipherment, char dataEncipherment, char keyAgreement, char keyCertSign, char cRLSign, char encipherOnly, char decipherOnly): Works like addKeyUsage(String) but enters each character separately.
- void addKeyUsage(java.lang.String keyUsageExtension): (Optional; PDF 1.7) Specifies an acceptable key-usage extension that must be present in the signing certificate. Works like setKeyUsage(List) but takes only one string.
- void addOID(byte[] oid): Works like setOID(List) but for one object.
- void addSubject(byte[] subject): (Optional) Byte array containing DER-encoded X.509v3 certificate that is acceptable for signing.
- private static COSArray convertListOfByteArraysToCOSArray(java.util.List<byte[]> strings)
- COSDictionary getCOSObject(): Convert this standard Java object to a COS dictionary.
- java.util.List<byte[]> getIssuer(): Returns a list of byte arrays of DER-encoded X.509v3 certificates.
- java.util.List<java.lang.String> getKeyUsage(): Returns a list of key usages of certificate strings, where each string is 9 characters long and each character is one of these values {0, 1, X}: 0 for must not set, 1 for must set, X for don't care.
- private static java.util.List<byte[]> getListOfByteArraysFromCOSArray(COSArray array)
- java.util.List<byte[]> getOID(): Returns a list of byte arrays that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate.
- java.util.List<byte[]> getSubject(): Returns a list of byte arrays that contain DER-encoded X.509v3 certificates.
- java.util.List<java.util.Map<java.lang.String,java.lang.String>> getSubjectDN(): Returns a list of maps that contain subject distinguished names, like [(cn: John Doe, o: Doe), (cn: John Smith)]. Keys are typically of the form 'cn', 'o', 'email', '2.5.4.43', and values are text strings.
- java.lang.String getURL(): Returns String of the URL.
- java.lang.String getURLType(): A name indicating the usage of the URL entry.
- boolean isIssuerRequired()
- boolean isKeyUsageRequired()
- boolean isOIDRequired()
- boolean isSubjectDNRequired()
- boolean isSubjectRequired()
- boolean isURLRequired()
- void removeIssuer(byte[] issuer): Removes an issuer from the issuers list.
- void removeKeyUsage(java.lang.String keyUsageExtension): Removes a key usage extension.
- void removeOID(byte[] oid): Removes an OID from the list.
- void removeSubject(byte[] subject): Removes a subject from the list.
- void setIssuer(java.util.List<byte[]> issuers): (Optional) A list of byte arrays containing DER-encoded X.509v3 certificates of acceptable issuers.
- void setIssuerRequired(boolean flag): Set true if Issuer shall be required as a constraint on signature.
- void setKeyUsage(java.util.List<java.lang.String> keyUsageExtensions): (Optional; PDF 1.7) A List of ASCII strings, where each string specifies an acceptable key-usage extension that must be present in the signing certificate.
- void setKeyUsageRequired(boolean flag): Set true if KeyUsage shall be required as a constraint on signature.
- void setOID(java.util.List<byte[]> oidByteStrings): (Optional) A list of byte arrays that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate.
- void setOIDRequired(boolean flag): Set true if OID shall be required as a constraint on signature.
- void setSubject(java.util.List<byte[]> subjects): (Optional) A list of byte arrays containing DER-encoded X.509v3 certificates that are acceptable for signing.
- void setSubjectDN(java.util.List<java.util.Map<java.lang.String,java.lang.String>> subjectDN): (Optional; PDF 1.7) A list of maps, where each map contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing.
- void setSubjectDNRequired(boolean flag): Set true if subject DN shall be required as a constraint on signature.
- void setSubjectRequired(boolean flag): Set true if subject shall be required as a constraint on signature.
- void setURL(java.lang.String url): (Optional) A URL, the use for which is defined by the URLType entry.
- void setURLRequired(boolean flag): Set true if URL shall be required as a constraint on signature.
- void setURLType(java.lang.String urlType): (Optional; PDF 1.7) A name indicating the usage of the URL entry.
-
-
-
Field Detail
-
FLAG_SUBJECT
public static final int FLAG_SUBJECT
A Ff flag.
- See Also:
- Constant Field Values
-
FLAG_ISSUER
public static final int FLAG_ISSUER
A Ff flag.
- See Also:
- Constant Field Values
-
FLAG_OID
public static final int FLAG_OID
A Ff flag.
- See Also:
- Constant Field Values
-
FLAG_SUBJECT_DN
public static final int FLAG_SUBJECT_DN
A Ff flag.
- See Also:
- Constant Field Values
-
FLAG_KEY_USAGE
public static final int FLAG_KEY_USAGE
A Ff flag.
- See Also:
- Constant Field Values
-
FLAG_URL
public static final int FLAG_URL
A Ff flag.
- See Also:
- Constant Field Values
-
dictionary
private final COSDictionary dictionary
-
-
Constructor Detail
-
PDSeedValueCertificate
public PDSeedValueCertificate()
Default constructor.
-
PDSeedValueCertificate
public PDSeedValueCertificate(COSDictionary dict)
Constructor.
- Parameters:
- dict - The certificate seed value dictionary.
-
-
Method Detail
-
getCOSObject
public COSDictionary getCOSObject()
Convert this standard Java object to a COS dictionary.
- Specified by:
- getCOSObject in interface COSObjectable
- Returns:
- The COS dictionary that matches this Java object.
-
isSubjectRequired
public boolean isSubjectRequired()
- Returns:
- true if the Subject is required
-
setSubjectRequired
public void setSubjectRequired(boolean flag)
Set true if subject shall be required as a constraint on signature.
- Parameters:
- flag - if true, the specified Subject shall be enforced as a constraint.
-
isIssuerRequired
public boolean isIssuerRequired()
- Returns:
- true if the Issuer is required
-
setIssuerRequired
public void setIssuerRequired(boolean flag)
Set true if Issuer shall be required as a constraint on signature.
- Parameters:
- flag - if true, the specified Issuer shall be enforced as a constraint.
-
isOIDRequired
public boolean isOIDRequired()
- Returns:
- true if the OID is required
-
setOIDRequired
public void setOIDRequired(boolean flag)
Set true if OID shall be required as a constraint on signature.
- Parameters:
- flag - if true, the specified OID shall be enforced as a constraint.
-
isSubjectDNRequired
public boolean isSubjectDNRequired()
- Returns:
- true if the Subject DN is required
-
setSubjectDNRequired
public void setSubjectDNRequired(boolean flag)
Set true if subject DN shall be required as a constraint on signature.
- Parameters:
- flag - if true, the specified Subject DN shall be enforced as a constraint.
-
isKeyUsageRequired
public boolean isKeyUsageRequired()
- Returns:
- true if the KeyUsage is required
-
setKeyUsageRequired
public void setKeyUsageRequired(boolean flag)
Set true if KeyUsage shall be required as a constraint on signature.
- Parameters:
- flag - if true, the specified KeyUsage shall be enforced as a constraint.
-
isURLRequired
public boolean isURLRequired()
- Returns:
- true if the URL is required
-
setURLRequired
public void setURLRequired(boolean flag)
Set true if URL shall be required as a constraint on signature.
- Parameters:
- flag - if true, the specified URL shall be enforced as a constraint.
-
getSubject
public java.util.List<byte[]> getSubject()
Returns a list of byte arrays that contain DER-encoded X.509v3 certificates.
- Returns:
- a list of byte arrays representing the subject.
-
setSubject
public void setSubject(java.util.List<byte[]> subjects)
(Optional) A list of byte arrays containing DER-encoded X.509v3 certificates that are acceptable for signing. If Subject is not null and isSubjectRequired() is true, then the subject constraint is enforced on the subjects in this array of subjects.
- Parameters:
- subjects - list of byte arrays containing DER-encoded X.509v3 certificates that are acceptable for signing.
-
addSubject
public void addSubject(byte[] subject)
(Optional) Byte array containing DER-encoded X.509v3 certificate that is acceptable for signing. Works like setSubject(List) but takes one byte array.
- Parameters:
- subject - byte array containing DER-encoded X.509v3 certificate
-
removeSubject
public void removeSubject(byte[] subject)
Removes a subject from the list.
- Parameters:
- subject - byte array containing DER-encoded X.509v3 certificate
-
getSubjectDN
public java.util.List<java.util.Map<java.lang.String,java.lang.String>> getSubjectDN()
Returns a list of maps that contain subject distinguished names, like [(cn: John Doe, o: Doe), (cn: John Smith)]. Keys are typically of the form 'cn', 'o', 'email', '2.5.4.43', and values are text strings.
- Returns:
- a list of maps containing the subject distinguished names
-
setSubjectDN
public void setSubjectDN(java.util.List<java.util.Map<java.lang.String,java.lang.String>> subjectDN)
(Optional; PDF 1.7) A list of maps, where each map contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing. The certificate must at a minimum contain all the attributes specified in one of the maps entered.
- Parameters:
- subjectDN - list of maps that contains subject distinguished names
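The matching rule described above (a certificate qualifies when it carries every attribute of at least one map) can be checked as in the following added example, which is not PDFBox code. The class and method names are hypothetical, the sample subjects are constructed, and it assumes single-valued RDNs and map keys spelled the way the attribute types appear in the RFC 2253 subject string.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Added example (hypothetical names): evaluates a SubjectDN constraint against a subject. */
public final class SubjectDnConstraintCheck {

    /** Collects attribute type (lower-cased) -> values from an RFC 2253 subject string. */
    static Map<String, Set<String>> attributes(String rfc2253Subject) throws InvalidNameException {
        Map<String, Set<String>> attrs = new HashMap<>();
        for (Rdn rdn : new LdapName(rfc2253Subject).getRdns()) {
            attrs.computeIfAbsent(rdn.getType().toLowerCase(Locale.ROOT), k -> new HashSet<>())
                 .add(String.valueOf(rdn.getValue()));
        }
        return attrs;
    }

    /** Accepts if the subject contains every attribute of at least one map. */
    static boolean accepted(List<Map<String, String>> subjectDN, boolean required,
                            String rfc2253Subject) throws InvalidNameException {
        if (!required || subjectDN == null || subjectDN.isEmpty()) {
            return true; // constraint absent or not flagged as required
        }
        Map<String, Set<String>> attrs = attributes(rfc2253Subject);
        return subjectDN.stream().anyMatch(wanted ->
            wanted.entrySet().stream().allMatch(e ->
                attrs.getOrDefault(e.getKey().toLowerCase(Locale.ROOT), Set.of())
                     .contains(e.getValue())));
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample data mirroring [(cn: John Doe, o: Doe), (cn: John Smith)].
        List<Map<String, String>> subjectDN =
            List.of(Map.of("cn", "John Doe", "o", "Doe"), Map.of("cn", "John Smith"));
        System.out.println(accepted(subjectDN, true, "CN=John Doe,O=Doe,C=US"));
        System.out.println(accepted(subjectDN, true, "CN=John Doe,O=Other,C=US"));
        System.out.println(accepted(subjectDN, true, "CN=John Smith,O=Other"));
    }
}
```

For a real certificate, the subject string would come from `cert.getSubjectX500Principal().getName(X500Principal.RFC2253)`, the list from getSubjectDN() and the flag from isSubjectDNRequired().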
-
getKeyUsage
public java.util.List<java.lang.String> getKeyUsage()
Returns a list of key usages of certificate strings, where each string is 9 characters long and each character is one of these values {0, 1, X}: 0 for must not set, 1 for must set, X for don't care. Each index in the string represents a key usage:
- digitalSignature
- non-Repudiation
- keyEncipherment
- dataEncipherment
- keyAgreement
- keyCertSign
- cRLSign
- encipherOnly
- decipherOnly
- Returns:
- list of key usages
-
setKeyUsage
public void setKeyUsage(java.util.List<java.lang.String> keyUsageExtensions)
(Optional; PDF 1.7) A List of ASCII strings, where each string specifies an acceptable key-usage extension that must be present in the signing certificate. Multiple strings specify a range of acceptable key-usage extensions, where each string is 9 characters long and each character is one of these values {0, 1, X}: 0 for must not set, 1 for must set, X for don't care. Each index in the string represents a key usage:
- digitalSignature
- non-Repudiation
- keyEncipherment
- dataEncipherment
- keyAgreement
- keyCertSign
- cRLSign
- encipherOnly
- decipherOnly
- Parameters:
- keyUsageExtensions - list of ASCII strings that consist only of {0, 1, X}
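The {0, 1, X} pattern semantics described for getKeyUsage() and setKeyUsage(List) can be evaluated against a certificate's key-usage bits as in the following added example, which is not PDFBox code. The class and method names are hypothetical, the bit arrays are constructed samples, and rejecting a certificate that has no KeyUsage extension is a choice made by this example.

```java
import java.security.cert.X509Certificate;
import java.util.List;

/** Added example (hypothetical names): checks key-usage bits against seed value patterns. */
public final class KeyUsageConstraintCheck {

    /** True if one 9-character pattern of {0, 1, X} accepts the given key-usage bits. */
    static boolean matches(String pattern, boolean[] keyUsage) {
        if (pattern == null || pattern.length() != 9) {
            throw new IllegalArgumentException("pattern must be 9 characters of {0, 1, X}");
        }
        if (keyUsage == null) {
            return false; // no KeyUsage extension: rejected (a choice made by this example)
        }
        for (int i = 0; i < 9; i++) {
            boolean set = i < keyUsage.length && keyUsage[i];
            switch (pattern.charAt(i)) {
                case '1': if (!set) { return false; } break;  // must be set
                case '0': if (set) { return false; } break;   // must not be set
                case 'X': break;                              // don't care
                default: throw new IllegalArgumentException("invalid pattern: " + pattern);
            }
        }
        return true;
    }

    /** Multiple patterns specify a range of acceptable extensions: one match is enough. */
    static boolean accepted(List<String> patterns, boolean required, boolean[] keyUsage) {
        if (!required || patterns == null || patterns.isEmpty()) {
            return true; // constraint absent or not flagged as required
        }
        return patterns.stream().anyMatch(p -> matches(p, keyUsage));
    }

    /** Overload for a real certificate; X509Certificate.getKeyUsage() uses the same bit order. */
    static boolean accepted(List<String> patterns, boolean required, X509Certificate cert) {
        return accepted(patterns, required, cert.getKeyUsage());
    }

    public static void main(String[] args) {
        // Constructed samples: a signing certificate and a CA certificate.
        boolean[] signer = {true, true, false, false, false, false, false, false, false};
        boolean[] ca = {false, false, false, false, false, true, true, false, false};
        List<String> patterns = List.of("1XXXX00XX"); // digitalSignature set, no keyCertSign/cRLSign
        System.out.println(accepted(patterns, true, signer));
        System.out.println(accepted(patterns, true, ca));
    }
}
```

In use, the pattern list would come from getKeyUsage() and the flag from isKeyUsageRequired().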
-
addKeyUsage
public void addKeyUsage(java.lang.String keyUsageExtension)
(Optional; PDF 1.7) Specifies an acceptable key-usage extension that must be present in the signing certificate. Works like setKeyUsage(List) but takes only one string.
- Parameters:
- keyUsageExtension - String that consists only of {0, 1, X}
-
addKeyUsage
public void addKeyUsage(char digitalSignature, char nonRepudiation, char keyEncipherment, char dataEncipherment, char keyAgreement, char keyCertSign, char cRLSign, char encipherOnly, char decipherOnly)
Works like addKeyUsage(String) but enters each character separately.
- Parameters:
- digitalSignature - char that is one of {0, 1, X}
- nonRepudiation - char that is one of {0, 1, X}
- keyEncipherment - char that is one of {0, 1, X}
- dataEncipherment - char that is one of {0, 1, X}
- keyAgreement - char that is one of {0, 1, X}
- keyCertSign - char that is one of {0, 1, X}
- cRLSign - char that is one of {0, 1, X}
- encipherOnly - char that is one of {0, 1, X}
- decipherOnly - char that is one of {0, 1, X}
-
removeKeyUsage
public void removeKeyUsage(java.lang.String keyUsageExtension)
Removes a key usage extension.
- Parameters:
- keyUsageExtension - ASCII string that consists of {0, 1, X}
-
getIssuer
public java.util.List<byte[]> getIssuer()
Returns a list of byte arrays of DER-encoded X.509v3 certificates.
- Returns:
- a list of byte arrays representing the issuer
-
setIssuer
public void setIssuer(java.util.List<byte[]> issuers)
(Optional) A list of byte arrays containing DER-encoded X.509v3 certificates of acceptable issuers. If the signer’s certificate chains up to any of the specified issuers (either directly or indirectly), the certificate is considered acceptable for signing.
- Parameters:
- issuers - A list of byte arrays containing DER-encoded X.509v3 certificates
-
addIssuer
public void addIssuer(byte[] issuer)
Array of bytes containing DER-encoded X.509v3 certificates of acceptable issuers. If the signer’s certificate chains up to any of the specified issuers (either directly or indirectly), the certificate is considered acceptable for signing.
- Parameters:
- issuer - A byte array containing DER-encoded X.509v3 certificate
-
removeIssuer
public void removeIssuer(byte[] issuer)
Removes an issuer from the issuers list.
- Parameters:
- issuer - A byte array containing DER-encoded X.509v3 certificate
-
getOID
public java.util.List<byte[]> getOID()
Returns a list of byte arrays that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate.
- Returns:
- an array of object identifiers.
-
setOID
public void setOID(java.util.List<byte[]> oidByteStrings)
(Optional) A list of byte arrays that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate. This field is only applicable if the value of Issuer is not empty.
- Parameters:
- oidByteStrings - list of byte arrays that contain OIDs
-
addOID
public void addOID(byte[] oid)
Works like setOID(List) but for one object.
- Parameters:
- oid - the object identifier.
-
removeOID
public void removeOID(byte[] oid)
Removes an OID from the list.
- Parameters:
- oid - the object identifier to be removed.
-
getURL
public java.lang.String getURL()
Returns String of the URL.
- Returns:
- the URL
-
setURL
public void setURL(java.lang.String url)
(Optional) A URL, the use for which is defined by the URLType entry.
- Parameters:
- url - String of the URL
-
getURLType
public java.lang.String getURLType()
A name indicating the usage of the URL entry. There are standard uses and there can be implementation-specific uses for this URL. The following values specify valid standard usages:
- Browser, The URL references content that should be displayed in a web browser to allow enrolling for a new credential if a matching credential is not found. The Ff attribute’s URL bit is ignored for this usage.
- ASSP, The URL references a signature web service that can be used for server-based signing. If the Ff attribute’s URL bit indicates that this is a required constraint, this implies that the credential used when signing must come from this server.
- Returns:
- string of URL type
-
setURLType
public void setURLType(java.lang.String urlType)
(Optional; PDF 1.7) A name indicating the usage of the URL entry. There are standard uses and there can be implementation-specific uses for this URL. The following values specify valid standard usages:
- Browser, The URL references content that should be displayed in a web browser to allow enrolling for a new credential if a matching credential is not found. The Ff attribute’s URL bit is ignored for this usage.
- ASSP, The URL references a signature web service that can be used for server-based signing. If the Ff attribute’s URL bit indicates that this is a required constraint, this implies that the credential used when signing must come from this server.
- Parameters:
- urlType - String of the urlType
-
getListOfByteArraysFromCOSArray
private static java.util.List<byte[]> getListOfByteArraysFromCOSArray(COSArray array)
-
convertListOfByteArraysToCOSArray
private static COSArray convertListOfByteArraysToCOSArray(java.util.List<byte[]> strings)
-
-